From owner-freebsd-doc@freebsd.org Wed Jun 27 03:36:04 2018 Return-Path: Delivered-To: freebsd-doc@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2C348102B1F9 for ; Wed, 27 Jun 2018 03:36:04 +0000 (UTC) (envelope-from eamonn.nugent@demilletech.net) Received: from mail-yb0-x232.google.com (mail-yb0-x232.google.com [IPv6:2607:f8b0:4002:c09::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id C5CDE90FE7 for ; Wed, 27 Jun 2018 03:36:03 +0000 (UTC) (envelope-from eamonn.nugent@demilletech.net) Received: by mail-yb0-x232.google.com with SMTP id a2-v6so219755ybe.11 for ; Tue, 26 Jun 2018 20:36:03 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=y+Xei24d/FHRXNLTdjcmevgtSHGqQZUBrgrfcA/13hY=; b=czx8Up1VlHBQherDITGWCx8eOvUNjzMLw6eRLnDgcBtoIIzwpe8typMdue5VFPtvul 1ygdb7iJUxDs5bHZeExfZnfYKh8Rz13YumOX/L1sGpjp+Gz2lDlTjnsvNyawWl23yIqy uLH8Df6slU5zdHE5rXEmiXuLyS0N4qnjm1pq0kdABWIGBrI5PKeTUl/BpLrCOaIoFsJT 5w5piV+dyO7ImvFaOV4tgVfvogtJEApScLJ4OLa21dcMDEuZl8oZCZiAPSh7DLrKAcwg IEIDaLyKvJYFsdkSaNEobwPxJxlgjOawFM2hGQa5H6hI1JQGjQlncv/qhpu/jg+I+bWS M/GQ== X-Gm-Message-State: APt69E30deDPkUfQL/Mij6UHHNCT4a/t5LisV8xjHx6umdk/RUTbALBs YD7hRwWjT3V/FX5Aiq6qUTeMfjKnnLEIvA01lq6KufpNdWA= X-Google-Smtp-Source: ADUXVKJngqGjsONTTHnDdhTCBgaebymEJ4Ia32likspzgRNPYHgz4fuUuXmSMlGGJm25+NJ5LLGWD2ewVDXyQKXlZnE= X-Received: by 2002:a25:7ec6:: with SMTP id z189-v6mr2090267ybc.266.1530070562968; Tue, 26 Jun 2018 20:36:02 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a25:1e85:0:0:0:0:0 with HTTP; Tue, 26 Jun 2018 20:35:42 -0700 (PDT) From: Eamonn Nugent Date: Tue, 26 Jun 2018 23:35:42 -0400 Message-ID: Subject: Possible avenue for DOS attack on the site? To: freebsd-doc@freebsd.org Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.26 X-BeenThere: freebsd-doc@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: Documentation project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 27 Jun 2018 03:36:04 -0000 Hello, all Just a quick note. When I went to grab some packages from the package list (long story), I noticed the time to load took *forever*. I'm just going to hazard a guess that it's generating the list from the directory for every request? If I may make a gentle suggestion, this could cause a DOS if someone wanted to make a bunch of requests to the "all" package list. Perhaps this HTML could be served as static and generated by a cronjob every half hour or so? I don't know how the server is configured, though, so it could be a load of work. Cloudflare, perhaps? Also, I hope this email doesn't go to too many people who have it out for the FreeBSD project... For what it's worth, here's the page I was on: http://pkg.freebsd.org/FreeBSD:11:amd64/release_1/All/ Thanks, Eamonn Nugent, CTO demilleTech eamonn.nugent@demilletech.net Company company@demilletech.net Sales sales@demilletech.net Support support@demilletech.net This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.